client

{% if ansible_hostname.startswith("os-") %}
# OpenShift REALLY wants tun0. Let's make sure openvpn doesn't claim it
dev tun1
{% else %}
dev tun
{% endif %}

proto udp

# Specify multiple vpn servers here
remote gateway
remote bastion02
remote bastion-iad01

resolv-retry infinite

nobind

persist-key

#up /etc/openvpn/fix-routes.sh
#up-restart

cipher AES-256-CBC
auth SHA512
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server

comp-lzo

#route 10.5.126.0 255.255.255.0
keepalive 10 60
